The firm has been fined £100,000 for putting 21,000 customers at risk of scams and fraud

It found that the company had breached data protection laws after staff from an IT firm working with TalkTalk were able to access large amounts of customer data through an online company portal.

According to the investigation, “rogue” staff at Indian firm Wipro, who resolved high-level complaints and network problems on TalkTalk’s behalf, used the portal to gain unauthorised access to customer data – including names, addresses and phone numbers.

“But the real victims are the 21,000 people whose information was open to abuse by the malicious actions of a small number of people.

“TalkTalk should have known better and they should have put their customers first.”

The investigation was launched after TalkTalk received complaints from customers who were receiving what they described as scam phone calls, however the ICO said it did not find direct evidence of a link between the compromised information and the scam call complaints.

MOST READ IN MONEY

FINGER LICKIN' FREEBIE

This is how you can get free KFC fries every Friday until November

sunemployment

Give university a pass and consider other options - like going straight into work or an apprenticeship

NOW THAT'S NEAT

Aldi's whisky has been voted one of the best in the world - and a bottle costs just £17.50

TOBLER-MOAN

Poundland fighting Toblerone maker over a chocolate bar based on Shropshire's The Wrekin rather than the Matterhorn

FRI-YAY

Here's how to get free fries from Deliveroo tomorrow - but is a restaurant near you taking part?

MONEY TALKS

What is the new Royal Bank of Scotland £10 polymer note, when is it in circulation and who features on it?

According to the investigation, 40 employees at Wipro had access to the data of between 25,000 and 50,000 TalkTalk customers, and three accounts linked to the firm were used to gain unlawful access to the data.

In a statement, a TalkTalk spokesman said: “We notified the ICO in 2014 of our suspicions that a small number of employees at one of our third-party suppliers were abusing their access to non-financial customer data.

“We informed our customers at the time and launched a thorough investigation, which has led to us withdrawing all customer service operations from India.

“We continue to take our customers’ data and privacy incredibly seriously, and while there is no evidence that any of the data was passed on to third parties, we apologise to those affected by this incident.”

TalkTalk customer threatened by hackers

The ICO investigation said account holders could log into the portal from any internet-enabled devices and carry out broad searches that enabled them to view up to 500 customer records at a time.

The investigation said this level of access was "unjustifiably wide-ranging" and placed data at risk.

The incident is unrelated to the 2015 cyber attack on the telecoms giant, when personal details of more than 150,000 customers were compromised, as well as partial financial information related to more than 15,000 customer accounts.

In June the firm announced an increase in bills hitting almost 400,000 customers earlier this month.

We pay for your stories! Do you have a story for The Sun Online Money team? Email us at money@the-sun.co.ukor call 0207 78 24516